Bug 429023 (CVE-2007-4770)
Summary: | CVE-2007-4770 libicu poor back reference validation
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Josh Bressers <bressers>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | high
Priority: | medium
Version: | unspecified
CC: | caolanm, kreilly, security-response-team
Keywords: | Reopened, Security
Hardware: | All
OS: | Linux
Fixed In Version: | 3.8-5.fc8
Doc Type: | Bug Fix
Last Closed: | 2008-01-28 14:03:32 UTC
Bug Depends On: | 429706, 429707, 430232, 430233
Description
Josh Bressers
2008-01-16 20:53:36 UTC
Created attachment 291973
An example of icu pattern matching in OOo
I figured out how to get OOo to match patterns with the icu regexp stuff.
Attached is a test-case which just tries to match "I am a pattern".
Created attachment 292114
Patch against ICU 3.8 proposed by Andy Heninger
Created attachment 292482
backported patch
I can't commit to RHEL icu without approved bugzilla ids.
This is now public: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0090.html
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1076
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1036